* [PATCH] efi: Allow some cert-related UEFI variables to not be present
@ 2020-01-05 17:34 ignat.loskutov
0 siblings, 0 replies; only message in thread
From: ignat.loskutov @ 2020-01-05 17:34 UTC (permalink / raw)
To: Mimi Zohar, James Morris, Serge E. Hallyn
Cc: linux-security-module, Ignat Loskutov
From: Ignat Loskutov <ignat.loskutov@gmail.com>
get_cert_list() prints an error message if no UEFI variable exists with
the given name. However, the calling code doesn't always consider this
an error. Fix by returning silently in this case.
Signed-off-by: Ignat Loskutov <ignat.loskutov@gmail.com>
---
security/integrity/platform_certs/load_uefi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index 111898aad56e..163ede8d2abc 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -43,6 +43,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
void *db;
status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
+ if (status == EFI_NOT_FOUND)
+ return NULL;
if (status != EFI_BUFFER_TOO_SMALL) {
pr_err("Couldn't get size: 0x%lx\n", status);
return NULL;
--
2.20.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-01-05 17:40 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-05 17:34 [PATCH] efi: Allow some cert-related UEFI variables to not be present ignat.loskutov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.